CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 4 days ago•4 views

CVE-2026-48853 Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc

9.2CVSS6.4AI score0.00573EPSS

CVE•added 4 days ago•15 views

CVE-2026-48853

CVE-2026-48853 affects the elixir-grpc/grpc stack where the Erlpack codec decodes gRPC payloads with :erlang.binary_to_term/1 without safety bounds. This leads to untrusted data deserialization, atom creation risk (atom table exhaustion) and potential remote code execution if a malicious term rea...

9.2CVSS6.5AI score0.00573EPSS

Positive Technologies•added 4 days ago•8 views

PT-2026-49533

Name of the Vulnerable Software and Affected Versions grpc versions 0.4.0 through 0.9.x Description Deserialization of untrusted data and allocation of resources without limits or throttling allow unauthenticated attackers to crash the BEAM node or achieve remote code execution on the server. The...

9.2CVSS6.3AI score0.00573EPSS

Exploits0References7

Cvelist•added 2026/06/11 10:44 a.m.•24 views

CVE-2026-53423 Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin

Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membranemp4plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts each 4-byte box name to an atom using String.toatom/1 without validation...

5.9CVSS0.00126EPSS

EUVD•added 2026/06/11 10:44 a.m.•6 views

EUVD-2026-36235

CVE•added 2026/06/11 10:44 a.m.•14 views

CVE-2026-53423

CVE-2026-53423 affects membrane_mp4_plugin (Elixir/Membrane) from version 0.3.0 up to

Vulnrichment•added 2026/06/11 10:44 a.m.•6 views

CVE-2026-53423 Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin

OSV•added 2026/06/11 10:44 a.m.•3 views

EEF-CVE-2026-53423 Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin

Summary Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membrane\mp4\plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts each 4-byte box name to an atom using String.to\atom/1 without validation...

Positive Technologies•added 2026/06/11 12:0 a.m.•6 views

PT-2026-48648

Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membrane mp4 plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts each 4-byte box name to an atom using String.to atom/1 without validation...

EUVD•added 2026/06/09 9:59 p.m.•6 views

Exploits0References5

EUVD-2026-31114

PhoenixStorybook: Unbounded atom creation from LiveView event params atom-table DoS...

8.2CVSS5.4AI score0.00501EPSS

Exploits0References5

Github Security Blog•added 2026/06/09 9:59 p.m.•8 views

PhoenixStorybook: Unbounded atom creation from LiveView event params (atom-table DoS)

Summary An attacker who can deliver psb-assign, psb-toggle, psb-set-theme, upper-tab-navigation, lower-tab-navigation, playground-change, or playground-toggle LiveView events to a mounted Phoenix Storybook playground can flood the BEAM atom table with attacker-controlled strings, permanently...

8.2CVSS5.5AI score0.00501EPSS

Exploits0References6Affected Software1

OSV•added 2026/06/09 9:59 p.m.•3 views

GHSA-833P-95JQ-929Q PhoenixStorybook: Unbounded atom creation from LiveView event params (atom-table DoS)

8.2CVSS5.5AI score0.00501EPSS

Exploits0References6

RedhatCVE•added 2026/06/05 7:16 p.m.•6 views

CVE-2026-42793

Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language modules ca...

8.2CVSS5.6AI score0.00613EPSS

Exploits1References1

RedhatCVE•added 2026/06/04 10:3 a.m.•12 views

CVE-2026-48597

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

Vulnrichment•added 2026/06/02 7:8 p.m.•6 views

Exploits0References1

CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

CVE•added 2026/06/02 7:8 p.m.•20 views

CVE-2026-48597

The vulnerability CVE-2026-48597 affects elixir-tesla (Tesla) where Tesla.Adapter.Mint.open_conn/2 converts each outgoing request URL scheme to a BEAM atom using String.to_atom(uri.scheme) without an allow-list. Since BEAM atoms are not garbage-collected, an attacker who can influence the request...

EUVD•added 2026/06/02 7:8 p.m.•10 views

EUVD-2026-34013

OSV•added 2026/06/02 7:8 p.m.•6 views

EEF-CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme wit...

Positive Technologies•added 2026/06/02 12:0 a.m.•10 views

PT-2026-45840

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.open conn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.to atomuri.scheme with no...